<?php
/*
 * Author: Ronin
 */
include "statics.php";
session_start();
if (isset($_SESSION["member_id"]))
{
    $member_id = $_SESSION["member_id"];
    /*
     * dummy script to send the article in html form to the client page
     */
    if (isset($_GET['version_id']) && $_GET['func'] == 'load')
    {
        $rsResult = rsSelect("path", "version", array('version_id=', $_GET['version_id']));
        if (is_string($rsResult))
        {
            echo $rsResult;
        }
        else
        {
            $row = mysql_fetch_assoc($rsResult);
            $sFilePath = $row['path'];
            $info = pathinfo($sFilePath);
            $dir = $info['dirname'];
            $name = $info['filename'];
            $completenoextension = $dir . "/" . $name;
            $completewithextension = $completenoextension . ".html";
            echo file_get_contents($completewithextension);
        }
    }

    /*
     * gets all the span ids for the article denoted by the $_GET['paperid] variable for which exists
     * one or more comments,,return all the ids if and only if the database states that anyone can see all comments
     * or the current logged in member is the author of the paper or an organizer in this conference,otherwise send only the comment ids made by the current user
     */
    else if (isset($_GET['version_id']) && isset($_GET['conference_id']) && $_GET['func'] == "getspans")
    {
        $rsAllowReview = rsSelect("view_review", "conference", array("conference_id=", $_GET['conference_id']));
        if (is_string($rsAllowReview))
            echo $rsAllowReview;
        else
        {
            $row = mysql_fetch_assoc($rsAllowReview);
            $iAllow = $row['view_review'];
            $rsResult = "";
            if ($iAllow == 1 | bIsAuthor($member_id, $_GET['version_id']) | bIsOrganizer($member_id, $_GET['conference_id']))
            {
                $rsResult = rsSelect("span_id", "comment", array("version_id=", $_GET['version_id'], "AND", "span_id<>", 0));
            }
            else
            {
                $rsResult = rsSelect("span_in", "comment", array("version_id=", $_GET['version_id'], 'AND', "commentor_id=", $member_id, "AND", "span_id<>", 0));
            }
            if (is_string($rsResult))
                echo $rsResult;
            else
            {
                while ($row = mysql_fetch_assoc($rsResult))
                {
                    echo $row['span_id'] . '%%EOR'; // return all span ids found to the requester delimited by instances of %%EOR
                }
            }
        }
    }

    /*
     * fetch all comments from the database and return all the ids and comments to the user if and only if the database states that anyone can see all comments
     * or the current logged in member is the author of the paper or an organizer in this conference, otherwise send only the comments made by the current user, %%EOR is used to delimit rows and %%EOC is used to delimit columns
     */
    else if (isset($_GET['version_id']) && $_GET['conference_id'] && $_GET['func'] == "allcomments")
    {
        $rsAllowReview = rsSelect("view_review", "conference", array("conference_id=", $_GET['conference_id']));
        if (is_string($rsAllowReview))
            echo $rsAllowReview;
        else
        {
            $row = mysql_fetch_assoc($rsAllowReview);
            $iAllow = $row['view_review'];
            $rsResult = "";
            if ($iAllow == 1 | bIsAuthor($member_id, $_GET['version_id']) | bIsOrganizer($member_id, $_GET['conference_id']))
            {
                $rsResult = rsSelect(array('text', 'span_id'), "comment", array('version_id=', $_GET['version_id'], "AND", "span_id<>", 0));
            }
            else
            {
                $rsResult = rsSelect(array("text", "span_id"), "comment", array("version_id=", $_GET['version_id'], 'AND', "commentor_id=", $member_id, "AND", "span_id<>", 0));
            }

            while ($row = mysql_fetch_assoc($rsResult))
            {
                $sUnescaped = $row["text"];
                $sEscaped = str_replace("%%EOC", "", $sUnescaped);
                $sEscaped = str_replace("%%EOR", "", $sEscaped);
                echo $sEscaped . '%%EOC' . $row['span_id'] . '%%EOR';
            }
        }
    }

    /*
     * retrieve the content of all the comments stored for the paper denoted by $_GET['paperid']
     * and the span denoted by the $_GET['span'], %%EOR is used as a delimiter between each comment and the next
     * in order to be able to separate them on the client side,the condition returns all comments related to this span if and only if the database states that anyone can see all comments
     * or the current logged in member is the author of the paper or an organizer in this conference, otherwise send only the comments made by the current user
     */
    else if (isset($_GET['span']) && isset($_GET['version_id']) && isset($_GET['conference_id']) && $_GET['func'] == "getcomments")
    {
        $rsAllowReview = rsSelect("view_review", "conference", array("conference_id=", $_GET['conference_id']));
        if (is_string($rsAllowReview))
            echo $rsAllowReview;
        else
        {
            $row = mysql_fetch_assoc($rsAllowReview);
            $iAllow = $row['view_review'];
            $rsResult = "";
            if ($iAllow == 1 | bIsAuthor($member_id, $_GET['version_id']) | bIsOrganizer($member_id, $_GET['conference_id']))
            {
                $rsResult = rsSelect("text", "comment", array("version_id=", $_GET['version_id'], "AND", "span_id=", $_GET['span']));
            }
            else
            {
                $rsResult = rsSelect("text", "comment", array("version_id=", $_GET['version_id'], "AND", "span_id=", $_GET['span'], "AND", "commentor_id=", $member_id));
            }
            while ($row = mysql_fetch_assoc($rsResult))
            {
                $sUnescaped = $row["text"];
                $sEscaped = str_replace('%%EOR', '', $sUnescaped); // remove all instances of %%EOR from the comment to prevent delimiter clashes
                echo $sEscaped . '%%EOR';   // send all rows in the response separated by instances of %%EOR
            }
        }
    }
    /*
     * this condition stores a comment for a single span or an array of spans it also checks to see if the lenght of the comment is more than 2000
     * which is the threshold for the text field in the database.
     */
    else if (isset($_POST["version_id"]) && isset($_POST["text"]) && isset($_POST["span"]) && $_POST["func"] == "comment")
    {
        if (strlen($_POST["text"]) <= 2000)
        {
            $ids = $_POST["span"];
            $len = count($ids);
            for ($i = 0; $i < $len; $i++)
            {
                $iResult = iInsert("comment", array("version_id" => $_POST["version_id"], "commentor_id" => $member_id, "span_id" => $ids[$i], "text" => $_POST["text"]));
                if ($iResult !== 1)
                {
                    echo "Failed to insert comment";
                    break;
                }
            }
            echo "your comment was inserted successfully";
        }
        else
            echo "Failed to insert comment";
    }
}
?>
